Creating a Push Operation

To create a new push operation:

  1. Log in to the Endpoint Security Administrator Portal.
  2. Navigate to Asset Management > Push Operations.
  3. Click Create operation.

    The Create operation page appears. Select the required operation and the required actions.


    [Figure: Create operation page]
  4. In the Operation tab, select the required operation.

    The supported operations are:

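    Table 1. Supported Push Operations

    | Category | Push Operation | Windows | macOS | Linux |
    |---|---|---|---|---|
    | Anti-Malware | Scan for Malware | Yes | Yes | Yes |
    | Anti-Malware | Update Malware Signature Database | Yes | Yes | Yes |
    | Anti-Malware | Restore Files from Quarantine | Yes | Yes | Yes |
    | Forensics and Remediation | Analyze by Indicator | Yes | Yes | No |
    | Forensics and Remediation | File Remediation | Yes | Yes | Yes |
    | Forensics and Remediation | Isolate Computer | Yes | Yes | No |
    | Forensics and Remediation | Release Computer | Yes | Yes | No |
    | Agent Settings | Deploy New Endpoints | Yes | No | No |
    | Agent Settings | Collect Client Logs | Yes | Yes | No |
    | Agent Settings | Collect Client Logs Offline | Yes | Yes | No |
    | Agent Settings | Repair Client | Yes | No | No |
    | Agent Settings | Shutdown Computer | Yes | Yes | No |
    | Agent Settings | Restart Computer | Yes | Yes | No |
    | Agent Settings | Uninstall Client | Yes | Yes | No |
    | Agent Settings | Application Scan | Yes | Yes | No |
    | Agent Settings | Kill Process | Yes | Yes | No |
    | Agent Settings | Remote Command | Yes | Yes | Yes |
    | Agent Settings | Search and Fetch files | Yes | Yes | No |
    | Agent Settings | Registry Actions | Yes | No | No |
    | Agent Settings | File Actions | Yes | Yes | No |
    | Agent Settings | VPN Site | Yes | Yes | No |
    | Agent Settings | Collect Processes | Yes | No | No |
    | Agent Settings | Run Diagnostics | Yes | Yes | No |
    | Agent Settings | Enable / Disable Self Protection | Yes | Yes | No |
    | Agent Settings | Collect Memory Dump | Yes | Yes | No |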
  5. Click Next.
  6. In the Devices tab, configure the required devices.

    [Figure: Devices tab]
    • To perform a push operation for all organizational assets, select Entire organization.
    • To perform a push operation for specific affected assets, select Custom and choose the affected devices.
  7. Click Next.
  8. Configure the operation settings.

    Table 2. Anti-Malware Operations

    • Scan for Malware (2FA required: No)
      Runs an Anti-Malware scan on the computer or computers, based on the configured settings.

    • Update Malware Signature Database (2FA required: No)
      Updates malware signatures on the computer or computers, based on the configured settings.

    • Restore Files from Quarantine (2FA required: No)
      Restores files from quarantine on the computer or computers, based on the configured settings.

      To restore files from quarantine:

      1. In the Full Path field, enter the path to the file before it was quarantined, including the file name. For example, c:\temp\eicar.txt.

      2. Click OK.

    Table 3. Forensics and Remediation Operations

    • Analyze by Indicator (2FA required: No)
      Manually triggers collection of forensics data for an endpoint device that accesses or executes the indicator. The indicator can be a URL, an IP, a path, a file name or an MD5.

    • File Remediation (2FA required: No)
      Quarantines malicious files and remediates them as necessary.

      To move files to quarantine or restore them from quarantine:

      1. Click + and select the organization.

      2. Click Update Selection.

      3. Select the device and click Next.

      4. In Add Comment, enter an optional comment about the action.

      5. To move the files to quarantine, select Move the following files to quarantine.

      6. To restore the files from quarantine, select Restore the following files from quarantine.

      7. Click +.

      8. From the drop-down:

        1. Select Full file path or Incident ID:

          1. In the Element field, enter the incident ID from the Endpoint Security client or enter the incident UID for the corresponding incident from the Logs menu in the Endpoint Security portal. To obtain the incident UID, open the log entry and expand the More section to view the incident UID.

          2. Click OK.

        2. Select MD5 Hash:

          1. Enter or upload the Element.

          2. Click OK.

      9. Click Finish.

    • Isolate Computer (2FA required: No)
      Isolates a specific device that is under malware attack and poses a risk of propagation. This action can be applied to one or more devices. The Firewall component must be installed on the client in order to perform isolation. Only DHCP, DNS and traffic to the management server are allowed.

    • Release Computer (2FA required: No)
      Removes the device from isolation. This action can be applied to one or more devices.

    Note:
    For descriptions of the Agent Settings operations (Deploy New Endpoints, Collect Client Logs, Repair Client, Shutdown/Restart Computer, Uninstall Client, Application Scan, Kill Process, Remote Command, Search and Fetch files, Registry Actions, File Actions, VPN Site, Collect Processes, Run Diagnostics, Enable/Disable Self Protection, Collect Memory Dump), see the Agent Settings section.
  9. Click Next.
  10. (Optional) In the Schedule tab, configure the schedule to run the operation.

    [Figure: Schedule tab]
    1. In the Run Operation section:
      • To execute the operation immediately, select Immediately.

      • To schedule the date and time to run the operation, select Schedule and in the Date section, select the required date and time.

    2. In the Expire on section, select the expiration time frame:
      • 7 days

      • 30 days

      • Custom

  11. Click Next.

    The Summary tab shows a summary of the selected operation.


    [Figure: Summary tab]
  12. Click Create.
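
Added example (not part of the product documentation or the vendor's code): after an Isolate Computer operation, a defender can confirm from network telemetry that the isolated device only produces the traffic the description allows (DHCP, DNS, and traffic to the management server). The flow-record format, the management server address, the host addresses and the port numbers used for DHCP and DNS are assumptions made for this sketch.

```python
import ipaddress
from collections import namedtuple

# Assumed management server address (documentation range), not from the product docs.
MANAGEMENT_SERVERS = {ipaddress.ip_address("203.0.113.10")}
Flow = namedtuple("Flow", "src dst proto dport")

def parse_flow(line):
    """Parse one 'src dst proto dport' record (constructed log format)."""
    src, dst, proto, dport = line.split()
    ipaddress.ip_address(src)   # raises ValueError on a malformed address
    ipaddress.ip_address(dst)
    return Flow(src, dst, proto.lower(), int(dport))

def allowed_reason(flow):
    """Return which isolation exception a flow matches, or None."""
    if ipaddress.ip_address(flow.dst) in MANAGEMENT_SERVERS:
        return "management"
    if flow.proto == "udp" and flow.dport in (67, 68):     # assumed DHCP ports
        return "dhcp"
    if flow.proto in ("udp", "tcp") and flow.dport == 53:  # assumed DNS port
        return "dns"
    return None

def isolation_violations(lines, isolated_hosts):
    """Outbound flows from isolated hosts that match none of the exceptions."""
    flows = (parse_flow(l) for l in lines if l.strip())
    return [f for f in flows if f.src in isolated_hosts and allowed_reason(f) is None]

# Constructed sample records: src dst proto dport
SAMPLE_FLOWS = [
    "10.0.5.23 255.255.255.255 udp 67",  # DHCP discover
    "10.0.5.23 10.0.0.53 udp 53",        # DNS query
    "10.0.5.23 203.0.113.10 tcp 443",    # management server
    "10.0.5.23 10.0.5.40 tcp 445",       # internal SMB: isolation should block this
    "10.0.5.23 198.51.100.7 tcp 443",    # external HTTPS: isolation should block this
    "10.0.5.99 10.0.5.40 tcp 445",       # host that is not isolated
]

if __name__ == "__main__":
    for f in isolation_violations(SAMPLE_FLOWS, {"10.0.5.23"}):
        print(f"VIOLATION {f.src} -> {f.dst} {f.proto}/{f.dport}")
```

Any flow reported for a device that should be isolated indicates that the isolation did not take effect on it, for example because the Firewall component is not installed on that client.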